In the wake of the Stuxnet virus, the topic of international “cyberwar” split IT experts at the world’s top tech fair, some seeing the idea as fanciful, others warning it was already here.
“‘Cyberwar’ has already left the pages of the science-fiction books and has become a reality,” August-Wilhelm Scheer, president of BITKOM, Germany’s high-tech lobby group, told AFP on the sidelines of the CeBIT exposition.
Natalya Kaspersky, president of the Russian IT security firm of the same name, said: “Of course the time of the cyberwar has come. Physical war is very expensive, it costs much less to launch attacks over the Internet.”
The idea of “cyberwar” — or countries attacking each other over the web — has been around for decades but shot to prominence in 2007 when Internet sites were hit in Estonia, at the time embroiled in a diplomatic spat with Russia.
And the concept really hit the headlines last year with the Stuxnet worm, which damaged Iranian nuclear facilities. Media reports in the United States later said the virus was created with the collaboration of the US and Israel.
Many experts at the time concluded the code of the worm was so complex, it could only have been the work of a nation state.
“Stuxnet is going to go down in history as the first cyberweapon of mass destruction,” said Ralph Langner, a German cybersecurity specialist and one of the first scientists to analyse the crippling virus.
“It did not attack virtual targets but rather caused material damage to military objectives, in the same way a bomb attack might,” he told AFP.
Sandro Gaycken, a researcher at Berlin’s Free University, summed up the idea of “cyberwar” in a recent article: “Attacks are no longer coming from teen tech addicts or delinquents, but from states, armies and secret services.”
Others however dismissed the idea of virtual “war” as overblown.
Michael Hange, president of the German government’s IT security agency (BSI) said: “‘Cyberwar’ is a strong word that is nice for the media but I like to be more cautious.”
“In cyberattacks, a country doesn’t exactly leave its calling card. The classical model of war simply does not apply,” added Hange.
This view was shared by international cyberdefence expert Katharina Ziolkowski, who wrote in a recent editorial in the Sueddeutsche Zeitung daily that cyberwar had “nothing to do with military conflict.”
“One day maybe we could have things happening on the Internet that have such serious consequences in the real world that one could talk of armed conflict. But I think we will be safe from this for the next 100 years,” she added.
Nevertheless, governments and some organisations are beginning to take the idea of international cyberwarfare very seriously.
In the United States, legislation has been drafted giving the president the power to disconnect the country from the Internet in the case of a major cyberattack.
And in Germany, the home of the CeBIT, the government last week announced the creation of a new national centre for cyberdefence to protect the country in the event of a virtual attack on, for example, its nuclear power stations.
Showing the potential damage a successful cyberattack could wreak, the American think-tank EastWest has envisaged the creation of “cyberwar rights”, based on the Geneva Convention, to protect civilians in the case of Web war.